Ransomware Leads in Growth and Impact While Hackers Remain Committed to Data Theft

PhishMe’s 2016 Malware Year in Review analysis shows fast growth of Ransomware while hackers continue to quietly attempt to steal data

LEESBURG, VA – March 14, 2017: PhishMe Inc., the leading provider of human phishing defense solutions, today released findings showing that while Ransomware delivered the greatest impact and growth in 2016, threat actors continue to attempt data breaches and theft.

PhishMe Wins Four 2017 Info Security Products Guide Global Excellence Awards®

PhishMe Wins for Best Security Service, Best Deployment in the U.S. and Top CEO and CTO Categories

LEESBURG, VA – March 3rd, 2017: PhishMe, the leading provider of human-phishing defense solutions, was recently honored with four 2017 Info Security Products Guide Global Excellence Awards®, winning in every category in which it was a finalist. These prestigious global awards, put on by the industry’s leading information security research and advisory guide, recognize security and IT vendors with advanced, ground-breaking products and solutions that help set the bar higher for others in all areas of security and technologies. More than 40 judges from a broad spectrum of industry voices from around the world weighed the nominations, and their average scores determined the 2017 Global Excellence Awards finalists and winners.

PhishMe Reports Explosive Growth: Annual Run Rate Approaches $50 Million

Continued Growth Driven by Innovative Offerings and Strong Execution

 LEESBURG, VA January 31, 2017: PhishMe Inc., the leading provider of human phishing defense solutions, today announced another year of record growth, with Annual Run Rate (ARR) approaching $50 million. PhishMe’s more than 300 employees now serve 1,200 enterprise customers world-wide to defend against cybercriminals, hacktivists and state-sponsored hackers.

Employee reporting of suspicious emails substantially outweighs susceptibility to attacks

Following a thorough analysis of 40 million phishing simulation emails, PhishMe’s latest research measures global susceptibility and resilience to phishing threats

 LEESBURG, VA December 13th, 2016: PhishMe Inc., the leading provider of human phishing defense solutions, today released its 2016 Enterprise Phishing Susceptibility and Resiliency Report, which illustrates employee susceptibility to phishing emails and resilience improvements when engaged in security reporting. With phishing still the most common cyber-attack vector leading to data breach, the report analyzes the most successful triggers, themes and emotional motivators leading employees to fall for phishing emails, as well as how reporting can drive a decrease in time to attack detection from days to minutes.

The PhishMe research teams analyzed data compiled from over 40 million phishing simulations performed between January 2015 and July 2016. Responses were gathered from a sample of over 1,000 PhishMe customers across the globe, including Fortune 500 and public sector organizations from 23 industry verticals. Published today, PhishMe’s 2016 Enterprise Phishing Susceptibility and Resiliency Report identified the following insights:

  • Business context phishing simulation emails still the most challenging: Office communications and finance-related themes generated the highest susceptibility rates, with 19.9 percent and 18.6 percent respectively, driven by sentiments of curiosity, fear and urgency.
  • Reporting outweighs susceptibility to phishing: Over a relatively short amount of time, reporting rates surpass susceptibility rates when at least 80% of the company has been conditioned to identify and empowered to report suspicious emails.
  • Active reporting can significantly decrease breach detection times: Samples analyzed show reporting of suspicious emails reduced security team response time to approximately 1.2 hours, compared with the current industry average of 146 days to detect a security breach.

PhishMe’s analysis revealed that business or office-related phishing emails proved to be the most effective simulations, as well as the most difficult for users to recognize and report. Phishing emails with sentiments of curiosity, fear and urgency scored the highest percentage in average response rates, suggesting that employees are at risk of increased susceptibility to phishing campaigns that include an emotional pull, even at a subconscious level.

“Our analysis shows that continued exposure to simulations lowers the chance of an employee falling for a phishing email – the key being consistent exposure,” stated Aaron Higbee, Co-Founder and CTO at PhishMe. “Once employees are conditioned to identify phishing attacks, our data shows that reporting them to the IT Security team starts to outweigh organizational susceptibility. It only takes one employee to report a targeted attack to give incident response teams a chance to stop a potential data breach. Armed with this new data, we hope that more CISOs focus their attention on the ratio of Report-To-Click instead of dwelling on susceptibility metrics.”

The 2016 Enterprise Phishing Susceptibility and Resiliency Report also analyzes variances in phishing simulation response by themes, emotional triggers, and average response rates per industry. Looking at one particular type of phishing email, the “file from scanner” scenario generated the highest response rate in the transportation sector at 49 percent, followed by healthcare at 31 percent and insurance at 30 percent. On the other hand, the non-profit sector scored the lowest response rate, at 5 percent.

“Understanding what motivates your employees to open or fall for a phish is a critical step in building their resiliency to attacks and enabling faster incident response,” continued Higbee. “At its core, a phishing simulation program allows organizations to assess, measure, educate and empower all employees about phishing threats while creating a wider net of human sensors to help reduce the risk of a full-blown data breach.”

 

To download a full copy of the 2016 Enterprise Phishing Susceptibility and Resiliency Report, click here.

Ransomware Delivered by 97% of Phishing Emails by end of Q3 2016 Supporting Booming Cybercrime Industry

PhishMe Q3 Malware Review finds encryption ransomware has hit record levels, while ‘quiet malware’ remains a significant threat

LEESBURG, VA November 17, 2016: PhishMe Inc., the leading provider of human phishing defense solutions, released findings today that show the proportion of phishing emails containing a form of ransomware grew to 97.25 percent during the third quarter of 2016, from 92% in Q1. Remaining at the forefront is the Locky encryption ransomware, which has introduced a number of techniques to resist detection during the infection process.

Published today, PhishMe’s Q3 2016 Malware Review identified three major trends that were previously recorded throughout 2016 but have come to full fruition in the last few months:

  • Locky continues to dominate: While numerous encryption ransomware varieties have been identified in 2016, Locky has demonstrated adaptability and longevity
  • Ransomware encryption: The proportion of phishing emails analyzed that delivered some form of ransomware has grown to 97.25 percent, leaving only 2.75 percent of phishing emails to deliver all other forms of malware utilities
  • Increase in deployment of ‘quiet malware’: PhishMe identified an increase in the deployment of remote access Trojan malware like jRAT, suggesting that these threat actors intend to remain within their victims’ networks for a long time

During the third quarter of 2016, PhishMe Intelligence conducted 689 malware analyses, showing a significant increase over the 559 analyses conducted during Q2 2016. Research reveals that the increase is due, in large part, to the consistent deployment of the Locky encryption ransomware. Locky executables were the most commonly-identified file type during the third quarter, with threat actors constantly evolving the ransomware to focus on keeping this malware’s delivery process as effective as possible.

“Locky will be remembered alongside 2013’s CryptoLocker as a top-tier ransomware tool that fundamentally altered the way security professionals view the threat landscape,” explained Aaron Higbee, CTO and Co-founder, PhishMe. “Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties. Our research has shown that the quarter-over-quarter number of analyses has been on a steady increase, since the malware’s introduction at the beginning of 2016, and thanks to its adaptability, is showing no signs of slowing down.”

While ransomware dominates the headlines, the Q3 PhishMe Malware Review reveals that other forms of malicious software delivered using remote access Trojans, keyloggers and botnets still represent a significant hazard in 2016. Unlike ransomware, so-called ‘quiet malware’ is designed to avoid detection while maintaining a presence within the affected organization for extended periods of time. While only 2.75 percent of phishing emails delivered non-ransomware malware, the diversity of unique malware samples delivered by these emails far exceeded that of the more numerous ransomware delivery campaigns.

Rohyt Belani, CEO and Co-founder of PhishMe, added, “The rapid awareness and attention on ransomware has forced threat actors to pivot and iterate their tactics on both payload and delivery tactics. This sustained tenacity shows that awareness of phishing and threats is not enough. Our research shows that without a phishing defense strategy, organizations are susceptible to not just the voluminous phishing emails used to deliver ransomware, but also the smaller and less-visible sets of emails used to deliver the same malware that has been deployed for years. Only by preparing for these attacks is it possible to empower users to act as both human sensors for detecting attacks and partners in preventing threat actors from succeeding.”

To download a full copy of the Q3 2016 Malware Review, click here.

 

 About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.

PhishMe Ranked No. 152 Fastest Growing Company in North America on Deloitte’s 2016 Technology Fast 500™

Company Attributes Massive Revenue Growth to its Unique Approach to Preventing and Mitigating Cyber Attacks

Leesburg, VA – November 17, 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, today announced it ranked No. 152 on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America based on revenue growth. PhishMe grew 564.1 percent over the last three years, as enterprises implement its suite of products to mitigate cybersecurity threats.

“The unprecedented increase in frequency and damage caused by cyberattacks in the recent past has created a demand for innovative defensive solutions that can adapt to the attackers’ changing tools and techniques,” said Rohyt Belani, PhishMe CEO. “Our dogged focus on innovation followed through with strong execution has supported the company’s explosive growth over the last three years. We are honored to be recognized on this coveted list by Deloitte.”

“Today, when every organization can be a tech company, the most effective businesses not only foster the courage to explore change, but also encourage creativity in using and applying existing assets in new ways, as resourcefully as possible,” said Sandra Shirai, principal, Deloitte Consulting LLP and U.S. technology, media and telecommunications industry leader. “This ingenious approach to innovation calls for the encouragement of curiosity and collaboration both within and outside the office walls.”

“This year’s Fast 500 winners showcase that when organizations are open to diverse perspectives and insights, they are able to create an environment for their employees and customers to see the possibilities and ingenious solutions that might lie ahead,” added Jim Atwell, national managing partner of the emerging growth company practice, Deloitte & Touche LLP. “Entrepreneurial environments foster change and innovation within businesses, and we look forward to watching these companies continue to drive change across all sectors.”

PhishMe, Inc. previously ranked number 99 as a Technology Fast 500™ award winner for 2015. Overall, 2016 Technology Fast 500™ companies achieved revenue growth ranging from 121 percent to 66,661 percent from 2012 to 2015, with median growth of 290 percent.

About Deloitte’s 2016 Technology Fast 500™

Deloitte’s Technology Fast 500 provides a ranking of the fastest growing technology, media, telecommunications, life sciences and energy tech companies – both public and private – in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2012 to 2015.

In order to be eligible for Technology Fast 500 recognition, companies must own proprietary intellectual property or technology that is sold to customers in products that contribute to a majority of the company’s operating revenues. Companies must have base-year operating revenues of at least $50,000 USD, and current-year operating revenues of at least $5 million USD. Additionally, companies must be in business for a minimum of four years and be headquartered within North America.

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

PhishMe Appoints Shane McGee as General Counsel & Chief Privacy Officer

Expansion of Management Team Signals PhishMe’s Commitment to Privacy, Compliance and Ethics

 Leesburg, VA – November 10, 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, announced today it has expanded its senior leadership team and appointed Shane McGee as general counsel & chief privacy officer. McGee will be responsible for all of PhishMe’s legal affairs, acting as a strategic business partner and providing advice and oversight in several areas including privacy, compliance and ethics.

“PhishMe is growing and maturing as a company and we’re excited to welcome someone to the team with experience as extensive and impressive as Shane’s,” said Rohyt Belani, CEO of PhishMe. “This addition to the management team is the next step in our continuing growth and ongoing commitment to protect our company and customers globally.”

McGee joins PhishMe from FireEye where he was chief privacy officer and vice president of policy and managed the company’s global privacy program. He also led FireEye’s government affairs team, whose aim was to promote security policy changes around the world to safeguard against the increasing number of cyberattacks from hackers and state-sponsored actors. He will now bring this expertise to PhishMe to continue those efforts and help lead the way in cracking down on phishing and malware scams, most notably ransomware, which has recently become the top cybercrime.

“In our digital world, cybersecurity is one of the fastest growing market sectors today, and PhishMe is in a position to make a real difference in the business community,” said McGee. “By joining PhishMe, a global leader in cybersecurity, I now have the unique opportunity to work with more than half of the Fortune 100 companies in their efforts to avoid and mitigate the damage done by cyberattacks.”

For nearly 20 years, McGee has been a practicing attorney focusing on data privacy and security law. He served as Mandiant’s General Counsel in charge of handling legal and government affairs for the company, and negotiated and finalized the sale of Mandiant to FireEye for more than $1 billion. Prior to joining Mandiant, McGee was a partner with SNR Denton (now Dentons), a large international law firm, where he was chair of the firm’s U.S.-based Data Protection Group.

Over the course of his career, McGee has counseled some of the world’s largest technology companies on privacy, compliance and security issues. He has represented several clients in privacy-related FTC inquiries, counseled clients on transactions involving large volumes of consumer data, and joined litigation teams on cases involving technology rights and advanced electronic discovery issues. Before going into law, McGee was a programmer, consultant and instructor, and remains a Certified Information System Security Professional (CISSP).

 

PhishMe Adds International Training Modules to Complimentary Computer Based Training Program

Leesburg, VA – October 31, 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, today announced the availability of new international modules for its complimentary CBT program, CBFree. The release, which follows PhishMe’s recognition as a leader by Gartner in the research firm’s 2016 Security Awareness Computer-Based Training Magic Quadrant, provides six fully translated and localized editions of CBFree. Available to any organization regardless of whether they are a PhishMe customer, CBFree provides employees with security awareness training on today’s greatest cybersecurity threats including spear-phishing, ransomware, and business email compromise (BEC).

Released during National Cyber Security Month in the U.S., the new modules have been delivered as a response to the huge number of localization requests PhishMe receives every month from organizations wanting to meet compliance obligations. Recognizing that cybercrime is a global problem and that many organizations have an internal requirement to provide a broader program for security awareness training to their employees, the localized modules for CBFree enable access to world class non-English CBT lessons.

“CBFree has proved extremely popular among companies looking to provide awareness CBTs to expand their security awareness programs and satisfy compliance requirements,” explained Jeff Orloff, Director of Content at PhishMe. “With our new international modules, we’ve made this valuable educational content available to a much wider audience. That said, PhishMe acknowledges that awareness is not the problem. CBTs alone won’t address the full extent of the cybersecurity problem. By offering CBTs at no cost, PhishMe is enabling organizations to focus their resources on instituting impactful programs to effect real changes in behavior.”

Now available in English, French, German, Japanese, Chinese, Spanish and Portuguese, PhishMe’s current library of complimentary CBTs includes 15 security awareness modules and three compliance training modules. The second phase of the international launch will accommodate languages in the Middle East, Russia and Italy.

“Cyber Security Month has been illuminating this year for the security industry,” concluded Rohyt Belani, CEO, PhishMe. “The level of discussion around threats faced by the business community is higher and more complex than ever before. This, coupled with the growing popularity of our CBFree program and demand for international modules, emphasizes the growing need for company-wide engagement around cybersecurity. However, if we want to make a dent in the enormous scale of this problem and protect global enterprise now and in the future, we must continually expose employees to safe, managed experiences that condition them to adjust core behaviors. Only then will our line of defense be strong enough to make a difference.”

To learn more and to download these modules, please visit PhishMe CBFree.

To receive a complimentary copy of the Gartner 2016 Security Awareness Computer-Based Training Magic Quadrant, click here.

PhishMe, Inc. Recognized by Washington Business Journal as One of Washington D.C.’s Fastest Growing Companies

LEESBURG, VA – October 28, 2016 – PhishMe, Inc., a global provider of phishing defense and intelligence solutions for the enterprise, announced today that the Washington Business Journal has ranked the company as #21 of Washington’s 50 fastest growing private companies of 2016. PhishMe’s team was honored at a public award ceremony on Thursday, October 27, where their ranking on the list was announced. Additionally, the list has been published on the Washington Business Journal’s site.

This highly competitive list is comprised of companies that have recorded consecutive year-over-year growth of more than $2 million in revenue in 2013 and more than $10 million in revenue in 2015. The firms are privately held during the reporting period and must be headquartered in the Washington D.C. area. They cannot be subsidiaries of other companies. The Washington Business Journal then calculates the revenue growth percentages by which the companies are ranked. Only the top 50 make the list.

“Making the Washington Business Journal’s list of the fastest growing companies is a great honor and an indication of all the hard work our team has been doing,” said Rohyt Belani, Co-Founder and CEO of PhishMe. “As cybersecurity continues to be at the forefront of businesses in this digital age, our strong business fundamentals and ability to adapt to the market have afforded us the platform for strong growth.”

PhishMe has recently achieved record cumulative growth of more than 560 percent over the last three years. In addition, the company has helped more than half of the Fortune 100 organizations defend themselves against thousands of phishing attacks perpetrated by cybercriminals across the globe, helping PhishMe attain a 93 percent gross retention and negative net churn. This has resulted in PhishMe also being recognized as a leader in the 2016 Gartner Magic Quadrant for Security Awareness Computer-Based Training.

The company’s growth has landed PhishMe on multiple lists of the nation’s fastest growing companies, including Deloitte’s Technology Fast 500 and the Inc. 500/5000 Awards.

PhishMe Recognized by Gartner as a Leader in Magic Quadrant for Security Awareness CBT 2016

 PhishMe positioned as a leader for ability to execute and its completeness of vision

Leesburg, VA – October 28, 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, announced today it was positioned as a leader by Gartner, Inc. in the global research firm’s 2016 Security Awareness Computer-Based Training Magic Quadrant for its ability to execute and its completeness of vision.

To receive a complimentary copy of the report, go to the PhishMe website.

“We are especially pleased to be included as a leader in the Gartner Security Awareness CBT Magic Quadrant this year,” stated Rohyt Belani, CEO and Co-Founder, PhishMe. “We take a more interactive approach to security awareness than the traditional vendors. PhishMe creates awareness and training materials as part of its Human Phishing Defense platform, which is designed to modify behavior through experiential learning and engagement. It’s an approach which has been proven to reduce the threat of employees falling victim to sophisticated cyberattacks by up to 95 percent.”

PhishMe provides a complete anti-phishing product portfolio that engages both everyday users and IT security response teams. “PhishMe aggressively invests in new product capabilities and services, which is a critical requirement for any cybersecurity company,” commented Aaron Higbee, CTO and Co-Founder, PhishMe. “Hackers are always coming up with new ways to circumnavigate our defenses and the onus is on security vendors to develop new ways to respond. We believe that Gartner has recognized PhishMe’s technical innovations and growth in this area.”

To protect against advanced phishing attacks coming from motivated attackers, many modern enterprises rely on PhishMe – including more than 50 percent of the Fortune 100 – as the foundation of their security programs. This is one more indication of PhishMe’s leadership in the security industry, along with many other awards and honors that the company has received, including the most recent accolades from: the 2016 SC Award, 2016 Inc 500/5,000 award, 2016 EY Entrepreneur of the Year finalist, 2016 Information Security Products Guide Global Excellence Award, 2016 CDM Infosec Awards and 2016 Washington Business Journal Best Place to Work Award.

To learn more about PhishMe’s solutions, please visit www.phishme.com. The PhishMe human defense solution suite includes PhishMe Simulator, PhishMe Reporter, PhishMe Triage, PhishMe Intelligence and PhishMe CBFree.

 

Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including all warranties of merchantability or fitness for a particular purpose.
